Hi Lorenzo,
the question might be stupid, but do you have in your configuration a listen directive (https://www.kamailio.org/wiki/cookbooks/5.5.x/core#listen) on port 5061?
Cheers,

Federico

On Wed, Oct 20, 2021 at 8:03 AM Lorenzo Campo <lorenzo@airspot.tech> wrote:
Hi guys,

We are quite new to Kamailio and we are trying to use it as a load balancer. While installing certificates we started having problems.

We use Kamailio (vers. 5.5) deployed on a VM (Ubuntu, 20.04 LTS). 

We cannot connect the Kamailio VM via TLS with clients or other TCP VMs.

Our Kamailio currently exposes only port 5060 in UDP and TCP.

Even doing a port scan on localhost, port 5061, used for the TLS protocol, is instead closed.

There are 3 things worth noting:

- All ports for all protocols are open on the firewall;
- Before we set the disable_tcp option to "no", the 5060 was only reachable in UDP;
- Even if you put a non-existent certificate, the system does not return an error, so we cannot understand if the goodness of the certificates affects the opening of the port. Furthermore, we did not find any different behavior when switching from crt format (key for the private key) to PEM.

If someone can help us, it would be very appreciated.

Thank you very much

Here is our tls configuration:

kamailio.cfg

#!define WITH_TLS 1
...
disable_tcp=no
auto_aliases=no
...
loadmodule "sl.so"
loadmodule "tls.so"
...
modparam("tls", "private_key", "/etc/kamailio/key.pem")
modparam("tls", "certificate", "/etc/kamailio/crt.pem")
modparam("tls", "ca_list", "/etc/kamailio/ca.pem")
enable_tls=yes



tls.config

[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/kamailio/kamailio-selfsigned.key
certificate = /etc/kamailio/kamailio-selfsigned.pem
#ca_list = /etc/kamailio/tls/cacert.pem
#crl = /etc/kamailio/tls/crl.pem

[client:default]
#method = TLSv1.2+
verify_certificate = no
require_certificate = no



_______________________________________________
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
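
The check asked about in the reply (is there a listen directive for TLS on port 5061?) can be run against the configuration text itself. The following Python is an added example, not part of the thread or of Kamailio: it reports whether TLS is enabled, the tls module is loaded, a TLS listener on the port is declared, and the referenced key and certificate files exist. The function names, the sample text and the injectable exists callback are assumptions of this example, and preprocessor conditionals are not evaluated.

```python
import os
import re

# Constructed sample repeating the directives quoted in the message above.
SAMPLE_CFG = """\
#!define WITH_TLS 1
disable_tcp=no
loadmodule "sl.so"
loadmodule "tls.so"
modparam("tls", "private_key", "/etc/kamailio/key.pem")
modparam("tls", "certificate", "/etc/kamailio/crt.pem")
modparam("tls", "ca_list", "/etc/kamailio/ca.pem")
enable_tls=yes
"""

LISTEN = re.compile(r'^\s*listen\s*=\s*(?:(udp|tcp|tls|sctp):)?'
                    r'(\[[^\]]+\]|[^:\s]+)(?::(\d+))?', re.I)
TLS_FILE = re.compile(r'^\s*modparam\(\s*"tls"\s*,\s*'
                      r'"(private_key|certificate|ca_list)"\s*,\s*"([^"]+)"', re.M)

def tls_listeners(cfg):
    """(address, port) of each listen= line that names the tls transport."""
    out = []
    for line in cfg.splitlines():
        if line.lstrip().startswith("#"):  # comments and #! lines (ifdefs not evaluated)
            continue
        m = LISTEN.match(line)
        if m and (m.group(1) or "").lower() == "tls":
            out.append((m.group(2), int(m.group(3)) if m.group(3) else None))
    return out

def audit(cfg, port=5061, exists=os.path.isfile):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not re.search(r'^\s*enable_tls\s*=\s*(yes|on|true|1)\b', cfg, re.M | re.I):
        findings.append("enable_tls is not switched on")
    if not re.search(r'^\s*loadmodule\s+"(?:[^"]*/)?tls(?:\.so)?"', cfg, re.M):
        findings.append("tls module is not loaded")
    if not any(p == port for _, p in tls_listeners(cfg)):
        findings.append(f"no listen=tls:<address>:{port} directive")
    for name, path in TLS_FILE.findall(cfg):
        if not exists(path):  # a missing file is reported here instead of passing silently
            findings.append(f"{name} file missing: {path}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG):
        print("FINDING:", finding)
```

Run on the real kamailio.cfg contents, an empty result only says the directives are present; whether the socket is actually bound still has to be confirmed on the host.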